For this discussion, let’s assume you’re working with libpcap 1.0 or later. You probably don’t want to work with a version older than 1.0, even if whatever OS you’re using happens to include libpcap - older versions are not as friendly towards adding support for devices other than standard network interfaces.
First, read the libpcap documentation on writing a new libpcap module.
(It’s currently incomplete, but I’ll be finishing it up over time. If you have contributions, feel free to submit pull requests for it.)
If you had to introduce one or more new DLT_* values, you will also have to add support in Wireshark for those DLT_* values to wiretap/pcap-common.c, which might mean adding one or more WTAP_ENCAP types to wtap.h and to the encap_table[] table in wiretap/wtap.c. You’d then have to write a dissector or dissectors for the link-layer protocol or protocols and have them register themselves with the wtap_encap dissector table, with the appropriate WTAP_ENCAP values, by calling dissector_add_uint().